Description
Technical field 

[0001] The present invention relates generally to secure communications when data must be sent from a transmit device to a receive device in an encrypted form and particularly refers to a method of dynamically updating encryption keys without having to transmit them.

Background art 

[0002] Secure communications systems, based on cryptography, are used to prevent unauthorized access to data on communications links so that sensitive information can be exchanged with little risk of eavesdropping. In typical point-to-point cryptographic systems, an encryption device transmits encrypted or coded digital data to a decryption device over a secure data link.

[0003] The digital data is encoded using a key known only to the encryption and decryption parties in order to deny data access by any unauthorized third party. This scheme implicitly refers to symmetric encryption, the conventional method of ensuring security in the exchange of information, characterized in that the same key is used both for encryption and decryption. The security of symmetric encryption resides in the key, i.e., divulging the key means that anyone could encrypt and decrypt messages. That is why the algorithms used for symmetric encryption are also referred to as secret-key algorithms. The best example of this is DES, which stands for Data Encryption Standard, and which has indeed been a standard since the 70's and is still universally used. Again, the security of such an algorithm resides only in the key and does not depend, whatsoever, on the secrecy of the algorithm. On the contrary, as a standard, the algorithm is completely specified and made available to all users.

[0004] DES is a block cipher algorithm wherein data are encrypted and decrypted in 64-bit blocks. A 64-bit block of text is converted by the algorithm into a 64-bit block of ciphertext, with no overhead, except the necessary padding to make the whole message a multiple of 64 bits. The basic key is 56 bits long, although it is expressed as a 64-bit number, since one parity bit per byte is used for parity checking but is ignored by the algorithm. Thus, the key can be any 56-bit number and can possibly be changed at any time provided both parties have a secure means to agree on a new key before exchanging data. To improve the strength of DES, i.e., to increase the difficulty of breaking it, triple-pass DES with a 112-bit key or a 168-bit key is also commonly used nowadays. Because DES has been around for over 20 years, it has been thoroughly tested and has behaved remarkably well against years of cryptanalysis. Although it is still secure, it obviously becomes relatively weaker due to the dramatic increase in computing power now available in a single computer and even more in a group of computers cooperating to break such a code. Therefore, breaking DES consists 'only' in retrieving the particular key that was used to encode a message or a file, since the algorithm itself is completely known, as stated above. The trivial way of achieving this is a brute-force attack in which all 2^56 keys of standard DES would be tried, which ensures that, on the average, after 2^28 attempts, the encryption key may be found.

[0005] Thus, besides the length of the key, which is the prime contributor to preventing DES from being easily cracked, the other very important contributor is the duration during which such a key stays in use between two parties that want to keep secret the content of the information they are exchanging. As a general rule, no encryption key should be used for an indefinite period of time, since the longer a key is used, the greater the risk that it will be compromised (loss, accident; e.g., a key could be accidentally displayed in clear due to an application software bug) and the greater the temptation for someone to spend the effort necessary to break it. Breaking a key shared by two banks for an extended period of time, e.g. one month, would enable a hacker to interfere in the exchange of money between those two banks during the same period of time. Also, the more data are secured with a given key, the more devastating the loss if the key is compromised. Finally, a long key lifetime also provides more ammunition for an adversary to break it, since the adversary potentially has access to significantly more data to work with. Thus, it is clear that it would be highly desirable for keys to remain in use for short or very short periods of time (and ideally only for one session) so that no attack could reasonably be conducted with a good chance of success before the key is updated. However, this brings the usual problem, in symmetric cryptography, of having to distribute the keys shared by pairs of users over a large network.

[0006] To solve this problem, asymmetric encryption was devised. The RSA algorithm (named after its creators, i.e., Rivest, Shamir and Adleman) and asymmetric algorithms in general solve the problem by using two keys: one private (secret) key and one public key. The public key of party A is made accessible to anybody who has to talk to A. Thus, when party B is ready to talk to A, it must use A's public key to encode a message and, because the scheme is asymmetric, only A, using its private (secret) key, will be able to decode the message. Therefore, the message can contain the secret key to be shared by two users utilizing the symmetric encryption method previously described, i.e. DES. This way of doing, which is nowadays a standard, is in practice required because RSA and, generally speaking, all known public-key algorithms assume a lot of calculations involving exponentiation and/or discrete logarithms to be computed on very large numbers. An RSA secret key is now commonly a 1024-bit binary word (rapid progress has been reported in recent years on the cracking of RSA-like keys, forcing the use of very large keys, so that 2048-bit and 4096-bit keys are considered in the implementation of the crypto-processors specialized to process RSA and DES algorithms for fast encryption), assuming that exponentiations in that range are performed to encrypt a message. Thus, the RSA algorithm is reported to be several orders of magnitude slower than DES, which explains why both are most often combined to implement a cryptographic system.

[0007] Before the encryption, the compression of data is very often used in data communications systems. The objective is twofold. Besides limiting the memory required to store a compressed file, the chief advantage is that less data have to be transmitted overall, thus saving bandwidth on expensive communications lines. Also, data compression can make cryptanalysis more difficult. Most often, to launch an attack, especially a brute-force attack, a cryptanalyst needs a small amount of cipher data and the corresponding plain data. In practice, this may not be difficult to obtain since communications protocols, at various levels, have standard message headers whose formats are well known. Since data compression is performed on top of encryption, the corresponding plain data are meaningless or at least it becomes very difficult to match a particular protocol header. In particular, the numerous data compression techniques derived from the Ziv-Lempel method (J. Ziv and A. Lempel, "Compression of individual sequences via variable-rate coding," IEEE Trans. Inform. Theory, vol. IT-24, no. 5, 1978) assume the use of an evolving dictionary in each node where data are compressed and decompressed. The dictionary then contains the codeword representation based on a tree structure with brother, son and parent links and the corresponding character on each node or leaf. It is possible to start with an empty dictionary, which however needs to contain the first character of each sub-tree. Although the dictionary is constantly evolving, it is kept identical on both ends, while no specific data exchange needs to take place to maintain the same contents. This is achieved from the transmitted data itself. With such a scheme, an identical evolving database is thus available on either end of a communication link, while the changes cannot be deduced by an eavesdropper from the observation of the data exchanged over the line. Therefore, a dynamic key can be derived from the dictionary contents using some form of one-way function such as hashing in order to frequently generate new keys.

[0008] Therefore, even if data compression before encryption can improve the security inasmuch as the compression increases the difficulty of cracking the encryption key, a perfect security can be obtained only by changing the encryption key frequently. Although an RSA key can be used to exchange new secret keys, such an exchange involves resources, adds overhead and stops the normal data transmission since the security association should be restarted. This is why secret keys are not changed very often and would never be changed at each packet. But keeping the same key during some time opens ways to spy, modify, reroute or copy the data using copy and paste to another stream and is not safe whatever the complexity of the encryption is.

[0009] US patent 4,157,454 entitled "Method and System for Machine Enciphering and deciphering" discloses a method and system wherein variable length data words are processed segment-by-segment together with corresponding segments of an enciphering key. As a function of the contents of a data segment, one of several modification modes is chosen. In accordance with the chosen modification mode, the enciphering key is changed following each enciphering operation of a segment. The described steps are preferably carried out three times for the full data word. The result of the third cycle represents the enciphered data word. Deciphering is effected in the same manner.

[0010] Publication entitled "Interlace Coding System Involving Data Compression Code, Data Encryption Code and Error Correcting Code" (2334B IEICE TRANSACTIONS ON COMMUNICATIONS Vol. E-75B, no. 6, June 1992, pages 458-465 TOKYO) discloses an Interlace Coding System (ICS) involving data compression code, data encryption code and error correction code with an analysis of the error performance on an additive white Gaussian noise (AWGN) channel with quadrature phase shift keying (QPSK). The proposed system handles data compression, data encryption and error correcting processes together, i.e. adds error correcting redundancy to the block lists of the dictionary which the compression system constructs to reduce source redundancy. Each block list is encoded by Ziv-Lempel code and Data Encryption Standard (DES). As the catastrophic condition determined by the data compression procedure is not negligible, error correcting redundancy should be added so as to avoid the catastrophic condition. It has been found that the catastrophic condition depends only on the size of the dictionary for the proposed system. Thus, by employing a large dictionary, good error performance can be achieved by the proposed system and the catastrophic condition can be avoided.

Summary of the invention

[0011] Therefore, the main object of the invention is to improve the security of a symmetric cryptographic system by allowing the common secret key to be changed frequently.

[0012] It is a further object of the invention to provide a method of dynamically updating the common encryption/decryption key of a symmetric encryption system on both ends of a secure communication link without having to actually exchange a new key, thus avoiding the frequent use of a public-key asymmetric encryption system or any equivalent system of distributing keys.

[0013] It is another object of the invention to derive the next secret key to use from an evolving database, the contents of which are kept identical on both ends of a communication link, such as the dictionary of a data compressing system.

[0014] The invention relates therefore to a method of updating, in a data communications system, the encryption key shared by nodes on both ends of a communication link. The nodes include an identically evolving data base. When data have to be transmitted from one of the nodes towards its peer remote node, the data base is first updated from the data to be transmitted. Then, using the current value of a key, encryption is performed over the data, which are thus transmitted to the peer remote node. After which, a next-to-use encryption key is derived from the new contents of the data base. When the encrypted data are received by the peer remote node, they are first decrypted with the current value of the encryption key. Then, the data base of the peer remote node is updated identically from the received decrypted data. From the contents of the data base, a next-to-use encryption key is derived, thereby obtaining in the peer remote node an identical next-to-use key.

[0015] In a preferred embodiment of the invention the data base is the dictionary of a data compression/decompression system used simultaneously with encryption/decryption to transmit data. The method of the invention permits the key of a symmetric encryption system to be frequently updated on both ends of a secure communication link, thus greatly improving security, without requiring that new keys actually be transmitted.

Brief description of the drawings 

[0016] Further objects, features and advantages of the present invention will become apparent to the one skilled in the art upon examination of the following description in reference to the accompanying drawings.

Fig. 1 is a schematic block-diagram showing the minimum network configuration necessary to implement the method according to the invention.

Fig. 2 is a block diagram of a node comprising all the features used to implement the method according to the invention.

Fig. 3 is a flow chart showing the different steps of the method according to the invention when transmitting to a remote node.

Fig. 4 is a flow chart showing the different steps of the method according to the invention when receiving from a remote node.

Detailed description of the invention 

[0017] Fig. 1 describes the minimum network configuration necessary to better understand the framework of the invention. In this network two DTE (data terminal equipment) devices DTE1 10 and DTE2 12, communicating respectively through nodes NODE 1 14 and NODE 2 16, have to establish a secure communication over e.g. a WAN (Wide Area Network) connection 18, thus forming a security association 20 referred to as SA in the following. Therefore, nodes 14 and 16 have the capability of encrypting and decrypting their communications using a common secret key. The key is kept constantly updated, with the mechanism of the invention as further described in the following figures, so as to greatly improve the security of the transactions over the WAN connection 18. This mechanism is based on the assumption that an evolving data base 22 or 24 is present in each node, the contents of which are kept identical. On the contrary, communications between DTE1 and NODE 1 14 on one hand and between DTE2 and NODE 2 16 on the other hand are in clear, since they are assumed to be performed in a secure confined environment, e.g. within a single box located in the user's premises. The method of the invention assumes that a first common key is available in NODE 1 14 and NODE 2 16 to start with. The way this is achieved (once at initialization and possibly at regular intervals or on the occurrence of an event later on) is beyond the scope of the invention and could be performed, e.g. through the use of a public-key algorithm, such as RSA, well known from the art and briefly described here above in the background art section, or through any other method of distributing a secret key. It is worth noting that forming such an SA or restoring it after a while (because SAs are generally configured so that they time out anyway, for security's sake, irrespective of the traffic, but are only restored on demand) is disruptive for the ongoing traffic, or needs time to be re-established, while the method of the invention, which allows keys to be updated frequently, does not hold traffic whatsoever.

[0018] Fig. 2 better describes a node 30, of the kind shown in Fig. 1, interfacing a DTE 32 on one end and a transmission line 34 on the other end. The node includes a 'DTE Interface and Flow Control circuitry' 36 whose function, in cooperation with 'Microcontroller' 38, is to achieve the temporary storing, into a 'Buffer Memory' 40, of the data stream or packets received from DTE 32 so that they are eventually transmitted to a remote node. As an example, this is performed here with the help of a 'Memory and DMA (Direct Memory Access) Controller' 42. Then, data packets are sent to a 'Data Compressor/Decompressor' 44 which uses and updates a Dictionary 46. On each data packet or set of packets forming an entity to be transmitted over the transmission line 34, a one-way function 48 such as hashing or CRC (Cyclic Redundancy Checking) is performed on Dictionary 46 so as to compute a fixed-size digest or signature of it reflecting its current contents. This is typically a 100-bit to 200-bit vector which is passed to 'Data Encryptor and Decryptor' 50, from which the next key to be used is generated and used over the compressed data also sent to 'Data Encryptor and Decryptor' 50. Then, encrypted packets are sent to a remote node through a Line Interface and Flow Control circuitry 52 for low layer encapsulation and transmission over line 34.

[0019] Receiving is similar to what is just described here above, though in reverse order. Encrypted data received from the line 34 are likewise stored in 'Buffer Memory' 40 after having been decrypted using the current key available in 'Data Encryptor and Decryptor' 50. Once decrypted, compressed data is sent to 'Data Compressor/Decompressor' 44 and Dictionary 46 is updated, allowing a new key value to be generated, derived from the new contents of the dictionary with the same one-way function 48 mentioned here above. This new value is passed to 'Data Encryptor and Decryptor' 50 in order to be used for a next data packet or set of data packets. The decompressed data is stored temporarily in Buffer Memory 40 before being sent, in clear, to DTE 32 through 'DTE Interface and Flow Control' circuitry 36.

[0020] Fig. 3 describes the encryption process, which starts when a new key has been made available in both nodes, i.e., in nodes 14 and 16 shown previously in Fig. 1, which are then able to establish a secure communication between them, forming a new security association or SA already discussed in Fig. 1. Step 54 checks whether a new SA has just been defined. This is the case whenever a secure communication is initialized, but also each time a new encryption key is exchanged later on, through another channel, or with a different mechanism, e.g. by enabling a key exchange through a secure session using a public-key encryption system, a technique well known from the art. According to the invention, a new security association can also be formed periodically or upon the occurrence of a particular event such as overflowing of the packet sequence number or detecting transmission errors.

[0021] If this is indeed the case, one proceeds to step 56 where the current encryption key, simply referred to as KEY in the following, becomes the new SA key. Also, the sequence number 'SN' used in the encryption protocol header is reset to 1. However, if the answer to interrogation 54 is negative (the usual case), KEY is updated at step 58 from a value derived from the encryption dictionary 46 shown in Fig. 2. As already discussed, this value used to update the current key is, generally speaking, a fixed-size digest, e.g. the result of a hash function or a CRC, applied on the contents of the dictionary, which are constantly evolving depending upon the data exchanged between the two nodes.

[0022] Once a KEY is defined, step 60 is performed, during which data is compressed. The latter step may be made as sophisticated or as simple as necessary depending on which criterion must be considered first. For example, a simple compression algorithm could be retained if computing resources are scarce in nodes. However, if computing resources are not the limiting factor, one may decide to get a better compression ratio using a more complex method such as the one defined in standard V.42 bis of ITU-T (International Telecommunications Union) based on the Ziv-Lempel algorithm previously discussed. However, whichever solution is adopted for compression, the main objective remains that codewords are used in transmission instead of real data: codewords based on an evolving dictionary are what is actually exchanged.

[0023] When compression is done, compressed data is encrypted at step 62 using the current KEY. After which, at step 64, an encrypted packet is formatted whose header 'Sequence Number' SN 66 is incremented by one, so that the enciphered data can be sent over the line to the peer remote node. It is worth noting here that the SN field is always a fixed-size field (typically a 16-bit wide field), so that the SN counter eventually wraps. Therefore, it is a good practice that wrapping of the counter associated with this field triggers a new SA, so that the key updating process resumes with a fresh seed key, further contributing to keeping the nodes' transactions secure.

[0024] Finally, step 68 performs a hash on the new dictionary contents (or whichever function is selected to get a fixed-size digest of it) in order to build a new key that is used at the next loop when the process resumes at step 54.

[0025] Fig. 4 describes the decryption process, which starts with the receiving of a new packet from a peer node. This may take place only after an SA (security association) has been set between the two nodes and implies that a first common key is available in them to start with. Steps 70, 72 and 74 are identical to what is described for the encryption process in Fig. 3 here above. Briefly, the KEY to use, as with encryption, is either a new key resulting from a new SA or an updated one resulting from a computation over the current contents of the dictionary. Once KEY is selected, the next step 76 is to decrypt the incoming data with it. Then, at step 78, data is decompressed. While starting from the current contents of the dictionary, the decompression step itself has the effect of updating it, based on the new data received from the peer node (so that the dictionary is constantly evolving). Finally, as with encryption, a new hash on the dictionary contents must return, at step 80, a value identical to the one obtained with the encryption process in the remote node, from which the same new key is derived, after which the receive process resumes at step 70. Obviously, all this implicitly assumes that no error occurs in the transmission, so that the evolution of the dictionaries is kept identical on both ends of the secure link. However, as soon as an error is detected, all standard methods known from the art may possibly be applied to recover, so that communication can resume in a known state. This includes the simple solution of restarting from scratch with a new key while dictionaries are reset. As far as this latter point is concerned, the invention does not assume that, at initialization or after a recovery on error, dictionaries need to be 'blanked' or may just contain a skeleton from which they are progressively rebuilt through the data compression process. Dictionaries may be filled with predefined values, however at the expense of having to consider this as a secret to be protected like keys.
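
The transmit loop of Fig. 3 and the receive loop of Fig. 4, as an added Python example that is not part of the patent text. It assumes LZW as the Ziv-Lempel variant, SHA-256 as the digest, the "combine the digest with the current key" option of claim 5, a SHA-256 keystream XOR standing in for the DES encryptor, and a sequence-gap check as the error detector; the names `Dictionary`, `Node`, `xor_cipher` and `demo` are hypothetical.

```python
import hashlib
import struct

class Dictionary:
    """Evolving LZW dictionary, standing in for Dictionary 46 (assumed variant)."""
    def __init__(self):
        self.entries = [bytes([i]) for i in range(256)]
        self.index = {e: i for i, e in enumerate(self.entries)}

    def _add(self, phrase):
        if len(self.entries) < 0x10000:      # codewords are sent as 16-bit values
            self.index[phrase] = len(self.entries)
            self.entries.append(phrase)

    def compress(self, data):
        codes, w = [], b""
        for byte in data:
            wc = w + bytes([byte])
            if wc in self.index:
                w = wc
            else:
                codes.append(self.index[w])
                self._add(wc)                # the clear data drives the evolution
                w = bytes([byte])
        if w:
            codes.append(self.index[w])
        return struct.pack(f">{len(codes)}H", *codes)

    def decompress(self, blob):
        out, prev = [], None
        for code in struct.unpack(f">{len(blob) // 2}H", blob):
            if code < len(self.entries):
                cur = self.entries[code]
            elif code == len(self.entries) and prev is not None:
                cur = prev + prev[:1]        # phrase the sender created one step ago
            else:
                raise ValueError("unknown codeword: dictionaries are out of step")
            if prev is not None:
                self._add(prev + cur[:1])    # same entry the sender added
            out.append(cur)
            prev = cur
        return b"".join(out)

    def digest(self):
        learned = self.entries[256:]         # length-prefixed so entries cannot run together
        return hashlib.sha256(b"".join(struct.pack(">H", len(e)) + e for e in learned)).digest()

def xor_cipher(key, sn, data):
    """Stand-in for 'Data Encryptor and Decryptor' 50; NOT DES, its own inverse."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">HI", sn, off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class Node:
    def __init__(self, sa_key):              # step 56: KEY becomes the SA key, SN restarts
        self.key, self.sn, self.dictionary = sa_key, 0, Dictionary()

    def _derive_next_key(self):              # steps 68 / 80, claim 5 "combining" option
        self.key = hashlib.sha256(self.key + self.dictionary.digest()).digest()

    def send(self, clear):
        if self.sn == 0xFFFF:
            raise OverflowError("SN would wrap: form a new SA with a fresh seed key")
        compressed = self.dictionary.compress(clear)            # step 60
        self.sn += 1                                            # step 64
        packet = struct.pack(">H", self.sn) + xor_cipher(self.key, self.sn, compressed)  # step 62
        self._derive_next_key()
        return packet

    def receive(self, packet):
        (sn,) = struct.unpack(">H", packet[:2])
        if sn != self.sn + 1:                # assumed error detector for this example
            raise ValueError("sequence gap: keys have diverged, form a new SA")
        compressed = xor_cipher(self.key, sn, packet[2:])       # step 76
        clear = self.dictionary.decompress(compressed)          # step 78
        self.sn = sn
        self._derive_next_key()
        return clear

def demo():
    seed = hashlib.sha256(b"constructed seed key for this example").digest()
    tx, rx = Node(seed), Node(seed)
    keys = []
    for msg in (b"PAY 100 TO ACCOUNT 42", b"PAY 100 TO ACCOUNT 43", b"aaaaaaa"):
        assert rx.receive(tx.send(msg)) == msg   # constructed sample traffic
        keys.append(rx.key)
    in_step = tx.key == rx.key
    tx.send(b"lost on the line")             # constructed fault: packet never delivered
    try:
        rx.receive(tx.send(b"PAY 100 TO ACCOUNT 44"))
        gap_detected = False
    except ValueError:
        gap_detected = True
    return keys, in_step, gap_detected, tx.key != rx.key

if __name__ == "__main__":
    print(demo())
```

Every key in the chain is a deterministic function of the seed key and the clear data sent so far, so the scheme is only as secret as that seed and that traffic, and a single lost packet leaves the two ends with different keys until a new SA is formed.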



Claims 

1. Method of updating an encryption key in a data communication system comprising a transmitting node (14) which receives clear data from a transmitting DTE (10) and a receiving node (16) which transmits clear data to a receiving DTE (12), said transmitting and receiving nodes forming a security association (20) sharing said encryption key for communicating cipher data between them and including identically evolving databases (22 or 24); said method comprising the steps of:

upon transmitting data from said transmitting node to said receiving node:

- updating said data base (22), in said transmitting node by using said clear data received from said transmitting DTE,

- encrypting (62) in said transmitting node data to be transmitted by using the current value of said encryption key,

- transmitting (64) encrypted data to said receiving node, and

- deriving (68) from the new contents of said data base in said transmitting node, a next-to-use encryption key,

upon receiving encrypted data in said receiving node:

- decrypting (76) in said receiving node, received encrypted data by using the current value of said encryption key,

- updating identically said data base (24) in said receiving node, by using the received decrypted data,

- deriving (80) from contents of said updated data base in said receiving node, a next-to-use decryption key identical to said next-to-use encryption key;

characterized in that said identically evolving data base (22 or 24) in said transmitting node (14) and receiving node (16) is an identical dictionary (46) for respectively compressing data before encrypting in said transmitting node and decompressing data after decrypting in said receiving node.

2. The method according to claim 1, further comprising a step of compressing (60) said clear data received from said transmitting DTE (10) by said transmitting node (14) before said step of encrypting.

3. The method according to claim 2, further comprising a step of decompressing (78) the decrypted data after said step of decrypting in said receiving node (16) before transmitting clear data to said receiving DTE (12).

4. The method according to any one of the preceding claims, wherein said identical dictionary in said nodes (14, 16) is the result of using the Ziv-Lempel algorithm or any one of its variants to perform said data compressing and said data decompressing.

5. The method according to any one of the previous claims, wherein said steps of deriving said next-to-use encryption/decryption key further include the step of obtaining a digest from the current contents of said evolving data base (22, 24), said step of obtaining a digest further including the step of utilizing directly said digest as the next-to-use key or combining said digest to said current key to get a next-to-use key.

6. The method according to claim 5, wherein said step of obtaining a digest from the contents of said evolving data base (22, 24) is a step of hashing to a fixed-size value (68 or 80).

7. The method according to claim 5, wherein said step of obtaining a digest from the contents of said evolving data base (22, 24) is a step of computing a CRC.

8. The method according to claim 5, wherein said step of obtaining a digest from the contents of said evolving data base (22, 24) is a step of detecting applying any other one-way like function.

9. The method according to any one of the previous claims, wherein a new security association (20) is formed periodically or upon overflowing of the packet sequence number.

10. The method according to any one of the previous claims, wherein a new security association (20) is formed periodically or upon detecting transmission errors.

11. The method according to claim 9 or 10, wherein said data base (22, 24) is reset to a secret set of values on restarting said new security association (20).

12. The method according to any one of the previous claims, wherein said data base (22, 24) is reset to a secret set of values on initialization.

13. A secure data communications system comprising means adapted for carrying out the method according to any one of the previous claims.

14. A computer-readable medium comprising instructions for carrying out the method according to any one of the claims 1 to 12.



Patent claims

1. Method of updating an encryption key in a data transmission system comprising a transmitting node (14), which receives unencrypted data from a transmitting data terminal equipment (10), and a receiving node (16), which sends unencrypted data to a receiving data terminal equipment (12), wherein the transmitting node and the receiving node form a security association (20), share the encryption key for exchanging encrypted data between them and contain identical evolving databases (22 or 24); the method comprising the following steps:

upon transmission of data from the transmitting node to the receiving node:

- updating the database (22) in the transmitting node by using the unencrypted data received from the transmitting data terminal equipment,

- encrypting (62) data to be sent in the transmitting node by using the current value of the encryption key,

- sending (64) encrypted data to the receiving node, and

- deriving (68) a next-to-use encryption key from the new contents of the database in the transmitting node,

upon reception of encrypted data in the receiving node:

- decrypting (76) the received encrypted data in the receiving node by using the current value of the encryption key,

- identically updating the database (24) in the receiving node by using the received decrypted data,

- deriving (80) a next-to-use decryption key, which is identical to the next-to-use encryption key, from the contents of the updated database in the receiving node;

characterized in that the identically evolving database (22 or 24) in the transmitting node (14) and in the receiving node (16) is an identical dictionary (46) for compressing data before encryption in the transmitting node and, respectively, decompressing data after decryption in the receiving node.

2. The method according to claim 1, further comprising a step of compressing (60) the unencrypted data which the transmitting node (14) has received from the transmitting data terminal equipment (10) before the step of encrypting.

3. The method according to claim 2, further comprising a step of decompressing (78) the decrypted data following the step of decrypting in the receiving node (16), before unencrypted data are sent to the receiving data terminal equipment (12).

4. The method according to any one of the preceding claims, wherein the identical dictionary in the nodes (14, 16) is the result of using the Ziv-Lempel algorithm or any one of its variants to perform the data compression and the data decompression.

5. The method according to any one of the preceding claims, wherein the steps of deriving the next-to-use encryption/decryption key further include the step of obtaining a digest of the current contents of the evolving database (22, 24), wherein the step of obtaining a digest further includes the step of using the digest directly as the next-to-use key or of combining the digest with the current key to obtain a next-to-use key.

6. The method according to claim 5, wherein the step of obtaining a digest of the contents of the evolving database (22, 24) is a step in which a mapping to a fixed-size value (68 or 80) is performed by means of the hash function.

7. The method according to claim 5, wherein the step of obtaining a digest of the contents of the evolving database (22, 24) is a step in which a CRC value is computed.

8. The method according to claim 5, wherein the step of obtaining a digest of the contents of the evolving database (22, 24) is a step in which the application of any other function that is similar to a one-way function is detected.

9. The method according to any one of the preceding claims, wherein a new security association (20) is formed at regular intervals or upon overflow of the packet sequence number.

10. The method according to any one of the preceding claims, wherein a new security association (20)


7 



13 



EP 1 107 504 B1 



14 



in regelmaBigen Abstanden oder nach der Feststel- 
lungvon Ubertragungsfehlern gebildet wird. 

11. Method according to claim 9 or claim 10, wherein the database (22, 24) is reset to a secret set of values after the restart of the new security association (20).

12. Method according to any one of the preceding claims, wherein the database (22, 24) is reset to a secret set of values after initialization.

13. Secure data transmission system comprising a means designed to carry out the method according to any one of the preceding claims.

14. Computer-readable data carrier comprising instructions for carrying out the method according to any one of claims 1 to 12.



Claims

1. Method for updating an encryption key in a data communications system comprising a transmit node (14) which receives clear data from a transmit DTE (10) and a receive node (16) which transmits clear data to a receive DTE (12), said transmit and receive nodes forming a security association (20) sharing said encryption key in order to communicate encrypted data between them and comprising identically evolving databases (22 or 24),

said method comprising the steps of:

when transmitting data from said transmit node to said receive node:

- updating said database (22) in said transmit node using said clear data received from said transmit DTE,

- encrypting (62) in said transmit node the data to be transmitted using the current value of said encryption key,

- transmitting (64) the encrypted data to said receive node, and

- obtaining (68), from the new contents of said database in said transmit node, the next encryption key to be used,

when receiving encrypted data in said receive node:

- decrypting (76) in said receive node the received encrypted data using the current value of said encryption key,

- identically updating said database (24) in said receive node, using the received decrypted data,

- obtaining (80), from the contents of said updated database in said receive node, the next decryption key to be used, identical to said next encryption key to be used,

characterized in that said identically evolving database (22 or 24) in said transmit node (14) and said receive node (16) is an identical dictionary (46) intended respectively to compress the data before encryption in said transmit node and to decompress the data after decryption in said receive node.

2. Method according to claim 1, further comprising a step of compressing (60) said clear data received from said transmit DTE (10) by said transmit node (14) before said encryption step.

3. Method according to claim 2, further comprising a step of decompressing (78) the decrypted data after said decryption step in said receive node (16), before the clear data is transmitted to said receive DTE (12).

4. Method according to any one of the preceding claims, wherein said identical dictionary in said nodes (14, 16) is the result of using a Ziv-Lempel algorithm or any one of its variants to perform said data compression and said data decompression.

5. Method according to any one of the preceding claims, wherein said steps of obtaining said next encryption/decryption key to be used further comprise the step of obtaining a digest from the current contents of said evolving database (22, 24), said step of obtaining a digest further comprising the step of using said digest directly as the next key to be used or of combining said digest with said current key to obtain a next key to be used.
6. Method according to claim 5, wherein said step of obtaining a digest from the contents of said evolving database (22, 24) is a step of hashing to a fixed-size value (68 or 80).

7. Method according to claim 5, wherein said step of obtaining a digest from the contents of said evolving database (22, 24) is a step of computing a CRC check.

8. Method according to claim 5, wherein said step of obtaining a digest from the contents of said evolving database (22, 24) is a step of detecting the application of any other function such as a one-way function.

9. Method according to any one of the preceding claims, wherein a new security association (20) is formed periodically or when the packet sequence number overflows.

10. Method according to any one of the preceding claims, wherein a new security association (20) is formed periodically or when transmission errors are detected.

11. Method according to claim 9 or 10, wherein said database (22, 24) is reset to a secret set of values upon restart of said new security association (20).

12. Method according to any one of the preceding claims, wherein said database (22, 24) is reset to a secret set of values upon initialization.

13. Secure data communications system comprising a means designed to carry out the method according to any one of the preceding claims.

14. Computer-readable medium comprising instructions intended to carry out the method according to any one of claims 1 to 12.
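The key-update loop of claims 1 to 6, as an added sketch that is not part of the patent text: both nodes keep an LZW dictionary that persists across packets, and each derives the next key from a hash of that dictionary combined with the current key. The names `Node` and `keystream_xor`, the choice of SHA-256, and the SHAKE-256 keystream used as a stand-in cipher are assumptions of this example.

```python
import hashlib, struct

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for this example (SHAKE-256 keystream), not the patent's cipher.
    pad = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

class Node:
    """One end of the security association: current key plus LZW dictionary."""
    def __init__(self, key: bytes):
        self.key = key
        self.table = [bytes([i]) for i in range(256)]  # evolving database
        self.index = {e: i for i, e in enumerate(self.table)}

    def _learn(self, entry: bytes) -> None:
        self.index[entry] = len(self.table)
        self.table.append(entry)

    def _next_key(self) -> None:
        # Hash the learned entries to a fixed size, then combine with the current key.
        learned = b"".join(struct.pack(">H", len(e)) + e for e in self.table[256:])
        self.key = hashlib.sha256(self.key + hashlib.sha256(learned).digest()).digest()

    def send(self, clear: bytes) -> bytes:
        codes, w = [], b""
        for c in (bytes([b]) for b in clear):  # compress and update dictionary
            if w + c in self.index:
                w += c
            else:
                codes.append(self.index[w])
                self._learn(w + c)
                w = c
        if w:
            codes.append(self.index[w])
        packet = keystream_xor(self.key, struct.pack(f">{len(codes)}I", *codes))
        self._next_key()  # the next key is derived locally, never transmitted
        return packet

    def receive(self, packet: bytes) -> bytes:
        out, prev = b"", None
        for (code,) in struct.iter_unpack(">I", keystream_xor(self.key, packet)):
            if code > len(self.table) or (prev is None and code == len(self.table)):
                raise ValueError("code outside dictionary: nodes are out of sync")
            entry = self.table[code] if code < len(self.table) else prev + prev[:1]
            if prev is not None:
                self._learn(prev + entry[:1])  # same update the sender made
            out, prev = out + entry, entry
        self._next_key()
        return out
```

A receiver that loses or mis-decodes one packet ends up with a different dictionary and therefore a different key, which is the situation claims 9 to 12 address by forming a new security association and resetting the database.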